Cybersecurity is only in the spotlight when it fails. After high-profile, large-scale data breaches, it takes a beating. But cybersecurity provides critical layers of infrastructure in our modern, cyber-dependent society. Rehearsing for potential failures is always worthwhile. Executives tend to relegate cybersecurity to the IT department. That is a mistake, because cyber incidents affect the entire organization. We should conduct regular cybersecurity drills, as we do fire and safety drills. That’s where tabletop exercises can play a big role. At last month’s Cyber3 Conference Tokyo 2017, international stakeholders from academia, industry, government and civil society gathered at Keio University for …

Good cybersecurity has tremendous potential to improve society, business and services we use every day. Because of its very nature, though, it involves discussion of bad actors and defensive measures, which can easily skew public perception. Indeed, big breaches seem to be occurring more and more frequently, and the bad guys are always in the headlines, making it all the more important to pause and take stock of the situation. In October, international stakeholders from academia, industry and government gathered in Japan for the third annual Cyber3 Conference Tokyo 2017. The two-day event was held at Keio University in conjunction …

Originally posted: The Economist Big firms are putting non-Japanese on their boards MICHAEL WOODFORD, the first non-Japanese president of Olympus, likened the camera-maker’s board members who sacked him in 2011 to “children in a classroom”. Mr Woodford had confronted Tsuyoshi Kikukawa, the company’s imperious chairman, over a $1.7bn hole in its finances. Mr Kikukawa responded by orchestrating a show of hands in a boardroom coup that sent the Englishman packing. It all fitted a cliché of Japan’s boardrooms as an all-Japanese, all-male club where wizened bosses ruthlessly enforce wa, or harmony. Gradually, the serenity is being disrupted. Nearly 15% of …

As organizations around the world begin to take cybersecurity threats more seriously, large-scale attacks like the recent breach of a major credit reporting agency seem to be happening more frequently. At the same time, there’s increased focus on who’s responsible for security vulnerabilities. The aforementioned Equifax attack exposed the personal data of as many as 143 million Americans, triggered a lawsuit by the state of Massachusetts as well as at least 50 class-action suits, Federal Trade Commission and FBI investigations and questions from a Senate oversight committee. Also in September, one of the world’s largest accounting firms was hit by …

Companies and organizations are still struggling to deal with ransomware, a cyberattack in which user data is encrypted and held hostage, supposedly until a ransom is paid. This trend looks set to continue and perhaps even intensify. I often get asked by executive management about what they should be doing and what questions they need to be asking. Those questions can be a useful guide for those who aren’t sure if they’re doing enough beyond asking the IT department to take care of it. Instead of the usual spiel about what equipment to purchase or what software to install, I …

This is a personal blog. The opinions expressed here represent my own and not those of my current or past employer, clients, government agencies and/or other people. All data and information is provided on this site is for informational purposes only and on an as-is basis. This site makes no representations as to accuracy, completeness, timeliness, suitability, or validity of any information on this site and will not be liable for any errors, omissions, or delays in this information or any losses, injuries, or damages arising from its display or use. Furthermore, my Blog editor (currently Blogger) does not have any provisions for automatic spell checking that I can find. Thus, please don't complain about spelling or grammar (especially if I'm sending this from my BlackBerry). Additionally, my thoughts and opinions change constantly. This is part of having an open and ever curious mind. This blog is intended to provide a brief snapshot and manifestation of the various random thoughts I've had throughout the day, and as such thoughts and opinions expressed within out-of-date posts may not be the same, nor even similar, to those I may hold today. Therefore, some entries, I will update from time-to-time. This may seem revisionist, but I don't always have time to reflect and elaborate at that particular moment and/or may want to clarify them in the future. Blogs with titles are entries I have made for this blog site and this site only. Any others are captured from select Twitter or Facebook feeds to maintain a timeline or to remind me of an event.